
Using Redir-Host and TProxy in a Router Instead of Fake-ip and TUN


Introduction

The proxy mode on the router has been switched entirely to TPROXY: both TCP and UDP go through TPROXY, and DNS uses Redir-Host.
Because TPROXY works at the network layer, domain-based rules cannot be matched directly; sniffing has to be combined with it so that domain rules can match.
This covers HTTP and TLS (HTTPS) traffic; for TLS, the domain is taken from the SNI in the ClientHello.
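As an added illustration (not part of the original post and not mihomo's own code), the following Python shows what the sniffing step above does: it pulls the host name out of the SNI extension of a TLS ClientHello and matches it against two of the DOMAIN-SUFFIX rules from the config below. The ClientHello is constructed inline for the example.

```python
import struct
RULES = [("mojang.com", "PROXY"), ("tailscale.io", "DIRECT")]  # DOMAIN-SUFFIX rules from the config

def build_client_hello(sni: str) -> bytes:
    """Construct (for the example) a minimal TLS 1.2 ClientHello record with an SNI extension."""
    host = sni.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(host)) + host          # name_type 0 = host_name
    sni_ext = struct.pack("!H", len(entry)) + entry                 # ServerNameList
    ext = struct.pack("!HH", 0, len(sni_ext)) + sni_ext             # extension type 0 = server_name
    body = (b"\x03\x03" + b"\x11" * 32                              # client_version, random
            + b"\x00"                                               # empty session_id
            + b"\x00\x02\x13\x01"                                   # one cipher suite
            + b"\x01\x00"                                           # null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body              # handshake type client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs        # TLS record header

def extract_sni(data: bytes):
    """Return the host_name from a ClientHello record, or None if absent or malformed."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:                      # not a handshake / not ClientHello
            return None
        p = 5 + 4 + 2 + 32                                          # record hdr, hs hdr, version, random
        p += 1 + data[p]                                            # session_id
        p += 2 + struct.unpack("!H", data[p:p + 2])[0]              # cipher_suites
        p += 1 + data[p]                                            # compression_methods
        ext_end = p + 2 + struct.unpack("!H", data[p:p + 2])[0]
        p += 2
        while p + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", data[p:p + 4])
            p += 4
            if etype == 0 and data[p + 2] == 0:                     # server_name ext, host_name entry
                nlen = struct.unpack("!H", data[p + 3:p + 5])[0]
                return data[p + 5:p + 5 + nlen].decode("ascii")
            p += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None

def route(data: bytes, default: str = "MATCH") -> str:
    """Pick the outbound for a sniffed connection; without an SNI only IP rules could apply."""
    host = extract_sni(data)
    if host is None:
        return default
    for suffix, target in RULES:
        if host == suffix or host.endswith("." + suffix):
            return target
    return default
```

A connection whose first packet carries no parseable SNI falls through to the default, which is why pure-IP traffic can only be steered by GEOIP rules in this setup.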

For use on a client, fake-ip is still recommended.

Configuration

port: 8080
socks-port: 1080
allow-lan: true
bind-address: "*"
mode: rule
log-level: info
ipv6: false
profile:
  store-selected: true
  store-fake-ip: false
unified-delay: true
tcp-concurrent: true
dns:
  enable: true
  ipv6: false
  listen: '[::]:1053'
  enhanced-mode: redir-host
  use-hosts: true
  rebind: false
  default-nameserver:
    - 223.5.5.5
  nameserver:
    - https://cloudflare-dns.com/dns-query
  nameserver-policy:
    "geosite:cn,private,category-game-accelerator-cn,category-games,apple,apple-cn":
      - 127.0.0.1:53
  proxy-server-nameserver:
    - 127.0.0.1:53
  respect-rules: true
  prefer-h3: true
  use-system-hosts: true
proxy-providers:
proxies:
  - name: us_vless
    server: 
    port: 443
    reality-opts:
      public-key: 
      short-id: 
    client-fingerprint: chrome
    type: vless
    uuid: 
    tls: true
    tfo: false
    flow: xtls-rprx-vision
    skip-cert-verify: false
    servername: 
    network: tcp
    udp: true
    packet-encoding: xudp
pr: &pr
  type: select
  proxies: [PROXY, 香港故转, 新加坡故转, 日本故转, 香港自动, 日本自动, 新加坡自动, 美国自动, 香港节点, 日本节点, 美国节点, 全部节点, DIRECT]
proxy-groups:
  - {name: PROXY, type: select, proxies: [香港故转, 新加坡故转, 日本故转, 香港自动, 日本自动, 新加坡自动, 美国自动, 香港节点, 日本节点, 美国节点, 全部节点, DIRECT]}
  - {name: MATCH, !!merge <<: *pr}
  - {name: 香港节点, type: select, include-all: true, filter: "(?i)港|hk|hongkong|hong kong"}
  - {name: 日本节点, type: select, include-all: true, filter: "(?i)日|jp|japan"}
  - {name: 美国节点, type: select, include-all: true, filter: "(?i)美|us|unitedstates|united states"}
  - {name: 香港故转, type: fallback, include-all: true, tolerance: 20, interval: 300, filter: "(?=.*(港|HK|(?i)Hong))^((?!(台|日|韩|新|深|美)).)*$"}
  - {name: 日本故转, type: fallback, include-all: true, tolerance: 20, interval: 300, filter: "(?=.*(日|JP|(?i)Japan))^((?!(港|台|韩|新|美)).)*$"}
  - {name: 新加坡故转, type: fallback, include-all: true, tolerance: 20, interval: 300, filter: "(?=.*(新|SG|(?i)Singapore))^((?!(港|台|日|韩|美)).)*$"}
  - {name: 香港自动, type: url-test, include-all: true, tolerance: 20, interval: 300, filter: "(?=.*(港|HK|(?i)Hong))^((?!(台|日|韩|新|深|美)).)*$"}
  - {name: 日本自动, type: url-test, include-all: true, tolerance: 20, interval: 300, filter: "(?=.*(日|JP|(?i)Japan))^((?!(港|台|韩|新|美)).)*$"}
  - {name: 新加坡自动, type: url-test, include-all: true, tolerance: 20, interval: 300, filter: "(?=.*(新|SG|(?i)Singapore))^((?!(港|台|日|韩|美)).)*$"}
  - {name: 美国自动, type: url-test, include-all: true, tolerance: 20, interval: 300, filter: "(?=.*(美|US|(?i)States|America))^((?!(港|台|日|韩|新)).)*$"}
  - {name: 全部节点, type: select, include-all: true}
rule-anchor:
  ip: &ip
    type: http
    interval: 86400
    behavior: ipcidr
    format: mrs
  domain: &domain
    type: http
    interval: 86400
    behavior: domain
    format: mrs
  class: &class
    type: http
    interval: 86400
    behavior: classical
    format: text
  yaml: &yaml
    type: http
    interval: 86400
    behavior: domain
    format: yaml
    path: payload
rule-providers:
  STUN:
    <<: *yaml
    url: "https://ghfast.top/https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/refs/heads/master/rule/Clash/STUN/STUN.yaml"
rules:
  - DOMAIN-SUFFIX,mojang.com,PROXY
  - DOMAIN-SUFFIX,vio.vin,PROXY
  - DOMAIN-SUFFIX,violet.vin,PROXY
  - DOMAIN-SUFFIX,tailscale.io,DIRECT
  - GEOSITE,github,PROXY
  - GEOSITE,onedrive,DIRECT
  - GEOSITE,microsoft,DIRECT
  - GEOIP,CN,DIRECT
  - GEOIP,private,DIRECT
  - MATCH,MATCH
find-process-mode: off
keep-alive-idle: 600
keep-alive-interval: 15
external-ui: ui
external-ui-url: https://github.com/Zephyruso/zashboard/archive/refs/heads/gh-pages.zip
external-controller: '[::]:9090'
secret: "998879"
mixed-port: 7890
redir-port: 7891
tproxy-port: 7892
tun:
  enable: false
  auto-route: false
  auto-redirect: false
  auto-detect-interface: false
  device: nikki
  stack: system
  mtu: 9000
  gso: true
  gso-max-size: 65536
  endpoint-independent-nat: false
sniffer:
  enable: true
  force-dns-mapping: true
  parse-pure-ip: true
  sniff:
    HTTP:
      port:
        - "80"
        - "8080"
      override-destination: true
    TLS:
      port:
        - "443"
        - "8443"
      override-destination: true
    QUIC:
      port:
        - "443"
        - "8443"
      override-destination: true
geodata-mode: true
geodata-loader: standard
geox-url:
  geosite: https://ghfast.top/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.dat
  mmdb: https://ghfast.top/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip.metadb
  geoip: https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/geoip.dat
  asn: https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/GeoLite2-ASN.mmdb
geo-auto-update: true
geo-update-interval: 30

Only part of the configuration is explained here.

DNS configuration

  rebind: false
  default-nameserver:
    - 223.5.5.5
  nameserver:
    - https://cloudflare-dns.com/dns-query
  nameserver-policy:
    "geosite:cn,private,category-game-accelerator-cn,category-games,apple,apple-cn":
      - 127.0.0.1:53
  proxy-server-nameserver:
    - 127.0.0.1:53
  • rebind: if the DNS answer is a private IP, discard it. It is disabled here because I trust the DNS provider I use enough to rule out DNS poisoning, and I have some services deployed on the LAN with domain names configured that need to resolve to LAN IPs.
  • default-nameserver: used to resolve the IPs of the servers listed in nameserver; IP-based DoH URLs can also be used instead.
  • nameserver: the default DNS; everything not covered by nameserver-policy uses it.
  • nameserver-policy: DNS split rules.
    • geosite:cn,private,category-game-accelerator-cn,category-games,apple,apple-cn: resolved via direct DNS.
  • proxy-server-nameserver: the DNS used to resolve the proxy nodes' domain names to IPs.

Sniffing

Enable the sniffer and configure the ports that need to be sniffed.

Other

  • find-process-mode: process matching; not needed on a router.
  • tun: not needed, since TPROXY is used.

Result

Connection type shows as TProxy
Domain-based rules take effect
Split routing works correctly
